Address resolution protocol (ARP) message processing method, device and access equipment

Abstract

The invention provides address resolution protocol (ARP) message processing method, device and access equipment. The method comprises the following steps of: detecting whether an ARP message conforms to the preset anti-cheating feature entry of the access equipment when the access equipment receives the ARP message transmitted by a terminal through privileged ports, wherein the anti-cheating feature entry comprises the filtration of ARP messages of which the transmit leg IP address is the IP address of any legal terminal of the access equipment and ARP messages of which the transmit leg MAC address is the MAC address of any legal terminal, and the privileged ports comprise ports which do not set up static ARP detection functions; and if the ARP message conforms to the preset anti-cheatingfeature entry, filtering the ARP message. The invention effectively prevents an illegal terminal from carrying out ARP cheat by personating a legal terminal through privileged ports. Besides, the invention can be realized without the participation of gateway equipment and a user's host, thereby ensuring simple network configuration and improving the flexibility, the stability and the safety of network allocation.

Description

technical field [0001] The invention relates to the field of communication technologies, in particular to a processing method, device and access equipment for address resolution protocol messages. Background technique [0002] In the current network technology, terminal devices are distinguished in the network by an Internet Protocol (Internet Protocol, IP) address. Therefore, in communication, when the sender terminal device that initiates the communication sends a message to other terminal devices, it needs to obtain the Media Access Control (MAC) address of the target terminal to complete the encapsulation of the sent message, which requires Realize the conversion between the IP address and MAC address of the device. At present, the address conversion is usually implemented by Address Resolution Protocol (ARP for short), and the ARP protocol converts the IP address of the target terminal device into a MAC address to ensure smooth progress of communication. [0003] Beca...

AI Technical Summary

Problems solved by technology

[0005] Through this detection method, although ARP attacks inside the LAN can be defended to a certain extent, this method also has certain defects: for static ARP detection entries, it can only be used when the access device has enabled the ARP detection function. Therefore, if you want to implement global ARP defense on access devices, you need to enable the detection function on all ports, which will limit the flexibility of network deployment to a large extent

Therefore, for these secure channel ports, if the hosts under this port initiate ARP spoofing due to reasons such as ARP poisoning or malicious attacks, since this port cannot perform ARP detection, these hosts can successfully spoof the gateway or gateway connected to the same access device. Other legitimate user hosts, resulting in a great security risk

Images